
Information Security Risk Management

Location:
Hyattsville, MD
Posted:
December 06, 2023


Resume:

Charles K. Owusu

Bowie, MD 240-***-**** ad1q0u@r.postjobfree.com

PROFESSIONAL SUMMARY

Information Security Professional with 7+ years of experience in IT compliance, vulnerability assessments and management. Specialties in Risk Management, Certification & Accreditation (C&A), Information Assurance, National Institute of Standards & Technology (NIST), Federal Information Processing Standards (FIPS) and SP-800 Series Guidance, Federal Information Security Management Act (FISMA), System Security Continuous Monitoring, Audit engagements, Testing of Information Technology controls, and developing Security policies, procedures and guidelines. I also possess strong problem-solving skills and grounded knowledge in the Risk Management Framework (NIST RMF) and the Systems Development Life Cycle (SDLC).

ACHIEVEMENTS/TECHNICAL COMPETENCIES

Developed Security documentations (SSP, CP, CPT, POA&M, PTA, PIA, RAR)

Developed Security Assessment Artifacts (SAP, TEST PLANS, SAR)

Deeply knowledgeable in FISMA compliance and NIST Special Publications

Efficient in preparing ATO packages

Efficient in Continuous Monitoring tasks such as Scan Analysis, updating Security Documentation, Security Impact Analysis, Contingency Plan Testing and Annual Assessments

Specialized in NIST RMF

Efficient in Preparing Security Assessment & Authorization packages

Efficient in preparing Risk Assessment according to NIST standards

POA&M and Risk Management specialist

Experience investigating security events, threats and vulnerabilities and implementing solutions to minimize security breaches

Auditing, compliance, and regulatory experience

Education & Credentials

Morgan State University

Bachelor of Science in Finance

Certifications

Security + (CompTIA)

Certified Authorization Professional (CAP)

Certified Information Security Manager (CISM)

Technology Skills

Retina Network Security Scanner, NESSUS, NMAP, NSAT, CSAM

Unix-Based Systems, Windows XP, 7, 10, Mac OS X

MS Office (Word, Excel, PowerPoint, Access, Outlook)

Professional Experience

Tightech Consulting, MD October 2018-Present

Information Security Analyst

Ensure implementation of appropriate security controls for Information Systems based on NIST Special Publication 800-53 rev 4 and FIPS 200, and System Categorization using NIST SP 800-60 and FIPS 199.

Collaborate with system administrators to remediate POA&M findings. Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization's Continuous Monitoring Plan.

Monitor controls post authorization to ensure continuous compliance with the security requirements.

Identify new information system inventory, and maintain and dispose of it in accordance with established policies and procedures; ensure accurate configuration management and property accountability.

Modify and maintain procedures, operational process documents, change control documents, operational checklists, detailed system specifications and procedures.

Develop training materials for employees on data protection.

Conducted security assessment interviews to determine the security posture of the System and to develop a Security Assessment Report (SAR) upon completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A, as required to maintain the Company's "Authorization To Operate" (ATO), the Risk Assessment, System Security Plans, and System Categorization.

Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements.

Capital One Bank, VA August 2016 – September 2018

Information Security/Compliance Analyst

Participate in client interviews to determine the security posture of the System.

Prepare and submit Security Assessment Plan (SAP) for approval.

Conducted initial assessments and performed continuous monitoring of security controls post-assessment.

Worked with System Owners to develop and perform periodic testing of contingency and disaster recovery plans.

Develop and update Security Plan, Plan of Action and Milestones (POA&M).

Monitor controls post authorization to ensure continuous compliance with the security requirements.

Prepare and update the Security Assessment Report (SAR).

Analyze and perform technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation review and walk-throughs of both new and existing federal information systems for FISMA compliance, using NIST guidelines and controls.

Conduct Risk Assessment on all system changes.

Re-assess remediated controls for effectiveness.

Paradyme Management, MD June 2016 – August 2016

Information Technology Corporate Intern

Assigned issues to the appropriate support group for thorough support and prompt resolution.

Researched and analyzed the Business, Technical, Functional and User Interface requirements of a project.

Created test scenarios, test conditions, expected results and test cases.

Executed test scripts and documented results.

Logged defects and verified defect fixes.

Monitored network performance and troubleshot problem areas as needed.

Cross-trained and provided back-up for other IT support representatives when needed.

References available upon request
